Configuring real servers Firewall Load Balance
FortiGate Version 4.0 Administration Guide
392 01-400-89802-20090424
http://docs.fortinet.com/ • Feedback
3 Select OK.
Configuring real servers
Configure a real server to bind it to a virtual server.
To view the real server list, go to Firewall > Load Balance > Real Server.
Figure 242: Real server list
SSL Offloading Select to accelerate clients’ SSL connections to the server by using the
FortiGate unit to perform SSL operations, then select which segments of
the connection will receive SSL offloading.
• Client <-> FortiGate
Select to apply hardware accelerated SSL only to the part of the
connection between the client and the FortiGate unit. The segment
between the FortiGate unit and the server will use clear text
communications. This results in best performance, but cannot be
used in failover configurations where the failover path does not have
an SSL accelerator.
• Client <-> FortiGate <-> Server
Select to apply hardware accelerated SSL to both parts of the
connection: the segment between client and the FortiGate unit, and
the segment between the FortiGate unit and the server. The segment
between the FortiGate unit and the server will use encrypted
communications, but the handshakes will be abbreviated. This results
in performance which is less than the other option, but still improved
over communications without SSL acceleration, and can be used in
failover configurations where the failover path does not have an SSL
accelerator. If the server is already configured to use SSL, this also
enables SSL acceleration without requiring changes to the server’s
configuration.
SSL 3.0, TLS 1.0, and TLS 1.1 are supported.
SSL Offloading appears only if HTTPS or SSL are selected for Type, and
only on FortiGate models with hardware that supports SSL acceleration.
Note: Additional SSL Offloading options are available in the CLI. For
more information, see the FortiGate CLI Reference.
Certificate Select the certificate to use with SSL Offloading. The certificate key size
must be 1024 or 2048 bits. 4096-bit keys are not supported.
This option appears only if HTTPS or SSL are selected for Type, and is
available only if SSL Offloading is selected.
Health Check Select which health check monitor configuration will be used to
determine a server’s connectivity status.
For information on configuring health check monitors, see “Configuring
health check monitors” on page 393.
Comments Any comments or notes about this virtual server.
Create New Select to add real servers. For more information, see “To create a real
server” on page 393.
IP Address Select the blue arrow beside a virtual server name to view the IP
addresses of the real servers that are bound to it.
Port The port number on the destination network to which the external port
number is mapped.
To Next Page
Loading...